Accept outgoing SSH connection

G00fy · 08-22-2008, 08:15 AM

Imagine the following situation:
(my) internal server <--> || firewall || <--> (my) external server

From the internal server I can make an SSH connection to the external server. But I cannot make one from the external to the internal.

One way is ofcourse beat the security guys in order to give me access, but as I'm not a very intimidating person, I don't think that'll work.

So the question is... Is there any way I can let an internal server make a call to the external server, accept that there and be able to use the established connection as a normal shell?

I am looking much like what VNC does, but than for shell access.

Thx!

marozsas · 08-22-2008, 11:01 AM

in this document,
read the section "A Remote Desktop Assistance Trick".

erhh...that vnc thing at end of your post confused me, sorry. You actually wants to have a ssh session, right ?

on the internal server: (which must run a sshd server listening on port 22), execute as regular user:

Code:

ssh -R 15900:localhost:22 an_account_at_external_server@external_server

the port 15900 is an arbitrary unused/free port on external server.

on the external server, where you have an account as user "an_account_at_external_server", run:

Code:

$ ssh -p 15900 localhost
[prompt on internal server]

voilá !

G00fy · 08-25-2008, 04:37 AM

Simple, but beautifull

Thanks !

trickykid · 08-25-2008, 09:22 AM

Instead of trying to circumvent and bend the rules to gain access, the most ethical thing to do is ask for the port to be opened by the "security guys". If they're competent admins, they'll detect you're bending of the rules and shut you off most likely, then you'll have a harder time convincing them to open the port and ultimately be on their watch and shit list, I'm an admin myself and would frown upon this type of behavior, even prompting to report you to your own supervisor and senior management. Repeat offenders usually got canned.

Now go do the right thing and ask for the access instead of breaking the rules they probably have up for good measure and security reasons.

marozsas · 08-25-2008, 09:55 AM

yes, good point, and I'm sorry to not warn G00fy before.
I don't want to help anyone to break anything; this forum is not a h@ck3r forum or whatever, even that information is public on the internet and it is a legitimate use of ssh.